Patient Portal
Monthly
Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in eClinicalWorks healow@work 8.0 build 8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in eClinicalWorks healow@work 8.0 build 8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.